diff options
Diffstat (limited to 'jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java')
-rw-r--r-- | jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index 1fe8d73eb44..530e0447619 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -34,6 +34,7 @@ import static com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFil import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; import static com.yahoo.security.SubjectAlternativeName.Type.RFC822_NAME; import static com.yahoo.vespa.athenz.zpe.AuthorizationResult.Type; +import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.CoreMatchers.nullValue; @@ -108,6 +109,8 @@ public class AthenzAuthorizationFilterTest { filter.filter(request, responseHandler); assertStatusCode(responseHandler, 401); + assertErrorMessage(responseHandler, "Not authorized - request did not contain any of the allowed credentials: " + + "[Athenz X.509 role certificate, Athenz access token with X.509 identity certificate]"); } @Test @@ -184,6 +187,13 @@ public class AthenzAuthorizationFilterTest { verify(request).setAttribute(MATCHED_ROLE_ATTRIBUTE, role.roleName()); } + private static void assertErrorMessage(MockResponseHandler responseHandler, String errorMessage) { + Response response = responseHandler.getResponse(); + assertThat(response, notNullValue()); + String content = responseHandler.readAll(); + assertThat(content, containsString(errorMessage)); + } + private static class AllowingZpe implements Zpe { @Override |